|CVSS SCORE||7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
OnCell Central Manager
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 19418. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the MessageBrokerServlet servlet, which does not ensure a user is authenticated prior to accepting commands. An attacker can exploit this condition to perform various actions, including addUserAndGroup, to take full control of the product and achieve code execution on all managed hosts.
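The missing check described above can be illustrated with a deny-by-default servlet filter. This is an added example, not the vendor's patch or code from the product: the class name, the session attributes `authUser` and `authRole`, the `action` request parameter and the `getStatus` command are assumptions; only `addUserAndGroup` comes from the advisory. It targets the `javax.servlet` 3.x API.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

/** Deny-by-default gate placed in front of a command-dispatching servlet. */
public class BrokerAuthFilter implements Filter {
    // Hypothetical names: session attributes and the parameter that carries the command.
    private static final String USER_ATTR = "authUser";
    private static final String ROLE_ATTR = "authRole";
    private static final String ACTION_PARAM = "action";
    // Allow-list of commands; "getStatus" is a made-up low-privilege command.
    private static final Set<String> KNOWN = Set.of("addUserAndGroup", "getStatus");
    // Commands that create accounts or act on managed hosts require an administrator.
    private static final Set<String> ADMIN_ONLY = Set.of("addUserAndGroup");

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // 1. Authentication: accept only an existing session, never create one here.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // 2. Allow-list: a missing or unknown command is rejected, not passed through.
        String action = req.getParameter(ACTION_PARAM);
        if (action == null || !KNOWN.contains(action)) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // 3. Authorization: privileged commands need the admin role.
        if (ADMIN_ONLY.contains(action)
                && !"admin".equals(session.getAttribute(ROLE_ATTR))) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs); // only authenticated, authorized commands reach the servlet
    }
}
```

The filter only has an effect when it is mapped to every URL pattern that reaches the command servlet, so the deployment descriptor needs reviewing alongside the code.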
02/05/2015 - ZDI sent reports to ICS-CERT
-- Vendor Patch:
|CREDIT||Andrea Micalizzi (rgod)|